Email to custom address fails: "lost connection after EHLO"

I have a category with a ‘Custom incoming email address’ set – [CATEGORY]@forum.tasat.org

When I email directly from Gmail to the address, messages are processed as expected and land in the category.

mail-receiver logs on success:

Oct 30 05:26:43 forum-mail-receiver postfix/smtpd[76028]: connect from mail-ot1-f46.google.com[209.85.210.46]
Oct 30 05:26:43 forum-mail-receiver postfix/smtpd[76028]: B5B78309A1E: client=mail-ot1-f46.google.com[209.85.210.46]
Oct 30 05:26:43 forum-mail-receiver postfix/cleanup[76035]: B5B78309A1E: message-id=<CAA0dvufnp4EsAjp9XxjjirzOvocEZn9qO1bbB2h+RhC-6GZP2w@mail.gmail.com>
Oct 30 05:26:43 forum-mail-receiver postfix/qmgr[98]: B5B78309A1E: from=<[NAME]@gmail.com>, size=3056, nrcpt=1 (queue active)
Oct 30 05:26:43 forum-mail-receiver postfix/smtpd[76028]: disconnect from mail-ot1-f46.google.com[209.85.210.46] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
<23>Oct 30 05:26:43 receive-mail[76037]: Recipient: [CATEGORY]@forum.tasat.orgOct 30 05:26:44 forum-mail-receiver postfix/pipe[76036]: B5B78309A1E: to=<[CATEGORY]@forum.tasat.org>, relay=discourse, delay=0.57, delays=0.23/0.02/0/0.32, dsn=2.0.0, status=sent (delivered via discourse service)
Oct 30 05:26:44 forum-mail-receiver postfix/qmgr[98]: B5B78309A1E: removed

But when I submit a message to [CATEGORY]@forum.tasat.org, with identical contents, from a contact form at our landing page on carrd.co, it is not processed.

mail-receiver logs on failure:

Oct 30 06:47:20 forum-mail-receiver postfix/smtpd[76057]: connect from a69-230.smtp-out.amazonses.com[54.240.69.230]
Oct 30 06:47:20 forum-mail-receiver postfix/smtpd[76057]: lost connection after EHLO from a69-230.smtp-out.amazonses.com[54.240.69.230]
Oct 30 06:47:20 forum-mail-receiver postfix/smtpd[76057]: disconnect from a69-230.smtp-out.amazonses.com[54.240.69.230] ehlo=1 commands=1

Apparently the EHLO command is used to “Identify the domain name of the sending host to SMTP”.

I don’t know where to go with this. What would cause EHLO to fail? Do I have to whitelist SES or something…?

EHLO likely didn’t fail; postfix is saying that the sending end sent an EHLO and then dropped the connection. Something like this:

[baron ~]$ telnet forum.tasat.org 25
Trying 64.176.213.39...
Connected to forum.tasat.org.
Escape character is '^]'.
220 ESMTP server
EHLO baron
250-forum-mail-receiver.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
^]
telnet> quit

(you’ll probably see a similar message in your logs referencing my IP)

This is a problem on SES’s end. I’d advise watching the traffic coming in on port 25 to see if there’s any indication why it dropped, or check SES to see if it has any logs.

Thanks supermathie – I don’t have access to carrd.co’s SES logs, but I have port 25 logs from another failed attempt. (Wish I knew how to interpret.) Anything jump out at you here…?

SES failure - Discourse mail-receiver log
Oct 30 16:50:11 forum-mail-receiver postfix/anvil[76091]: statistics: max connection count 1 for (smtp:159.203.42.156) at Oct 30 16:46:35
Oct 30 16:50:11 forum-mail-receiver postfix/anvil[76091]: statistics: max cache size 1 at Oct 30 16:46:35
Oct 30 17:49:01 forum-mail-receiver postfix/smtpd[76093]: connect from a69-230.smtp-out.amazonses.com[54.240.69.230]
Oct 30 17:49:01 forum-mail-receiver postfix/smtpd[76093]: lost connection after EHLO from a69-230.smtp-out.amazonses.com[54.240.69.230]
Oct 30 17:49:01 forum-mail-receiver postfix/smtpd[76093]: disconnect from a69-230.smtp-out.amazonses.com[54.240.69.230] ehlo=1 commands=1
root@forum:/var/discourse#
SES failure - Wireshark port 25 log
No.	Time	Source	Destination	Protocol	Length	Info
11913	85.864926	54.240.69.230	64.176.213.39	TCP	74	50903 → 25 [SYN] Seq=0 Win=26883 Len=0 MSS=1460 SACK_PERM TSval=1554444054 TSecr=0 WS=128
11914	85.865305	64.176.213.39	54.240.69.230	TCP	74	25 → 50903 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1460 SACK_PERM TSval=958362575 TSecr=1554444054 WS=1024
11921	85.871994	54.240.69.230	64.176.213.39	TCP	66	50903 → 25 [ACK] Seq=1 Ack=1 Win=27008 Len=0 TSval=1554444061 TSecr=958362575
12239	86.221038	64.176.213.39	54.240.69.230	SMTP	84	S: 220 ESMTP server
12245	86.227770	54.240.69.230	64.176.213.39	TCP	66	50903 → 25 [ACK] Seq=1 Ack=19 Win=27008 Len=0 TSval=1554444417 TSecr=958362931
12246	86.228748	54.240.69.230	64.176.213.39	SMTP	103	C: EHLO a69-230.smtp-out.amazonses.com
12247	86.228791	64.176.213.39	54.240.69.230	TCP	66	25 → 50903 [ACK] Seq=19 Ack=38 Win=44032 Len=0 TSval=958362939 TSecr=1554444418
12248	86.228963	64.176.213.39	54.240.69.230	SMTP	220	S: 250-forum-mail-receiver.localdomain | PIPELINING | SIZE 10240000 | VRFY | ETRN | ENHANCEDSTATUSCODES | 8BITMIME | DSN | CHUNKING
12253	86.236796	54.240.69.230	64.176.213.39	TCP	66	50903 → 25 [FIN, ACK] Seq=38 Ack=173 Win=28032 Len=0 TSval=1554444426 TSecr=958362939
12254	86.237257	64.176.213.39	54.240.69.230	TCP	66	25 → 50903 [FIN, ACK] Seq=173 Ack=39 Win=44032 Len=0 TSval=958362947 TSecr=1554444426
12257	86.243960	54.240.69.230	64.176.213.39	TCP	66	50903 → 25 [ACK] Seq=39 Ack=174 Win=28032 Len=0 TSval=1554444433 TSecr=958362947

For comparison:

Gmail success - Wireshark port 25 log
No.	Time	Source	Destination	Protocol	Length	Info
1173638	893.998102	162.142.125.93	64.176.213.39	TCP	74	27763 → 25 [SYN] Seq=0 Win=42340 Len=0 MSS=1460 SACK_PERM TSval=1729720003 TSecr=0 WS=1024
1173639	893.998341	64.176.213.39	162.142.125.93	TCP	74	25 → 27763 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1460 SACK_PERM TSval=2319295245 TSecr=1729720003 WS=1024
1173667	894.015884	162.142.125.93	64.176.213.39	TCP	54	27763 → 25 [RST] Seq=1 Win=0 Len=0
1178853	897.638926	162.142.125.207	64.176.213.39	TCP	74	60246 → 25 [SYN] Seq=0 Win=21900 Len=0 MSS=1460 SACK_PERM TSval=1654559109 TSecr=0 WS=1024
1178855	897.639088	64.176.213.39	162.142.125.207	TCP	74	25 → 60246 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1460 SACK_PERM TSval=461108143 TSecr=1654559109 WS=1024
1178884	897.656814	162.142.125.207	64.176.213.39	TCP	66	60246 → 25 [ACK] Seq=1 Ack=1 Win=22528 Len=0 TSval=1654559127 TSecr=461108143
1179106	897.805588	64.176.213.39	162.142.125.207	SMTP	84	S: 220 ESMTP server
1179134	897.823322	162.142.125.207	64.176.213.39	TCP	66	60246 → 25 [ACK] Seq=1 Ack=19 Win=22528 Len=0 TSval=1654559293 TSecr=461108310
1179139	897.825315	162.142.125.207	64.176.213.39	SMTP	86	C: EHLO www.censys.io
1179140	897.825350	64.176.213.39	162.142.125.207	TCP	66	25 → 60246 [ACK] Seq=19 Ack=21 Win=44032 Len=0 TSval=461108329 TSecr=1654559295
1179142	897.825495	64.176.213.39	162.142.125.207	SMTP	220	S: 250-forum-mail-receiver.localdomain | PIPELINING | SIZE 10240000 | VRFY | ETRN | ENHANCEDSTATUSCODES | 8BITMIME | DSN | CHUNKING
1179173	897.844902	162.142.125.207	64.176.213.39	SMTP	76	C: STARTTLS
1179174	897.845039	64.176.213.39	162.142.125.207	SMTP	108	S: 502 5.5.1 Error: command not implemented
1179207	897.865559	162.142.125.207	64.176.213.39	TCP	66	60246 → 25 [FIN, ACK] Seq=31 Ack=215 Win=22528 Len=0 TSval=1654559335 TSecr=461108349
1179208	897.865879	64.176.213.39	162.142.125.207	TCP	66	25 → 60246 [FIN, ACK] Seq=215 Ack=32 Win=44032 Len=0 TSval=461108370 TSecr=1654559335
1179237	897.883702	162.142.125.207	64.176.213.39	TCP	66	60246 → 25 [ACK] Seq=32 Ack=216 Win=22528 Len=0 TSval=1654559353 TSecr=461108370
1423203	1062.340039	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980279080 TSecr=0 WS=256
1424699	1063.379486	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980280120 TSecr=0 WS=256
1426247	1064.403473	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980281144 TSecr=0 WS=256
1427782	1065.427579	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980282168 TSecr=0 WS=256
1429343	1066.451555	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980283192 TSecr=0 WS=256
1430904	1067.475717	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980284216 TSecr=0 WS=256
1433947	1069.523326	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980286264 TSecr=0 WS=256
1440507	1073.555346	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980290296 TSecr=0 WS=256
1452771	1081.619544	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980298360 TSecr=0 WS=256
1476480	1098.003562	2001:4860:4864:20::33	2001:19f0:1000:68ec:5400:4ff:fe92:8e2b	TCP	94	[TCP Retransmission] 45423 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 SACK_PERM TSval=980314744 TSecr=0 WS=256
1511662	1122.242370	209.85.160.45	64.176.213.39	TCP	74	45424 → 25 [SYN] Seq=0 Win=65535 Len=0 MSS=1412 SACK_PERM TSval=806841994 TSecr=0 WS=256
1511663	1122.242862	64.176.213.39	209.85.160.45	TCP	74	25 → 45424 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1460 SACK_PERM TSval=51132547 TSecr=806841994 WS=1024
1511715	1122.273627	209.85.160.45	64.176.213.39	TCP	66	45424 → 25 [ACK] Seq=1 Ack=1 Win=269824 Len=0 TSval=806842025 TSecr=51132547
1511825	1122.343466	64.176.213.39	209.85.160.45	SMTP	84	S: 220 ESMTP server
1511876	1122.374090	209.85.160.45	64.176.213.39	TCP	66	45424 → 25 [ACK] Seq=1 Ack=19 Win=269824 Len=0 TSval=806842125 TSecr=51132647
1511877	1122.374242	209.85.160.45	64.176.213.39	SMTP	96	C: EHLO mail-oa1-f45.google.com
1511878	1122.374276	64.176.213.39	209.85.160.45	TCP	66	25 → 45424 [ACK] Seq=19 Ack=31 Win=44032 Len=0 TSval=51132678 TSecr=806842126
1511880	1122.374429	64.176.213.39	209.85.160.45	SMTP	220	S: 250-forum-mail-receiver.localdomain | PIPELINING | SIZE 10240000 | VRFY | ETRN | ENHANCEDSTATUSCODES | 8BITMIME | DSN | CHUNKING
1511929	1122.405234	209.85.160.45	64.176.213.39	SMTP	112	C: MAIL FROM:<[REDACTED]@gmail.com> SIZE=3017
1511930	1122.405311	209.85.160.45	64.176.213.39	SMTP	102	C: RCPT TO:<[CATEGORY]@forum.tasat.org>
1511931	1122.405404	64.176.213.39	209.85.160.45	TCP	66	25 → 45424 [ACK] Seq=173 Ack=113 Win=44032 Len=0 TSval=51132709 TSecr=806842157
1511932	1122.405532	209.85.160.45	64.176.213.39	SMTP	2866	C: BDAT 3017 LAST | DATA fragment, 2784 bytes
1511933	1122.405660	209.85.160.45	64.176.213.39	SMTP/IMF	299	from: Todd Zimmerman <[REDACTED]@gmail.com>, subject: Space operas where the hero is not a "Chosen One",  (text/plain) (text/html)
1511993	1122.446635	64.176.213.39	209.85.160.45	TCP	66	25 → 45424 [ACK] Seq=173 Ack=3146 Win=41984 Len=0 TSval=51132751 TSecr=806842157
1512387	1122.715764	64.176.213.39	209.85.160.45	SMTP	94	S: 250 2.1.0 Ok | 250 2.1.5 Ok
1512445	1122.751435	209.85.160.45	64.176.213.39	TCP	66	45424 → 25 [ACK] Seq=3146 Ack=201 Win=269824 Len=0 TSval=806842503 TSecr=51133020
1512446	1122.751497	64.176.213.39	209.85.160.45	SMTP	114	S: 250 2.0.0 Ok: 3017 bytes queued as 3D37D309944
1512497	1122.782171	209.85.160.45	64.176.213.39	TCP	66	45424 → 25 [ACK] Seq=3146 Ack=249 Win=269824 Len=0 TSval=806842534 TSecr=51133055
1512499	1122.783518	209.85.160.45	64.176.213.39	SMTP	72	C: QUIT
1512500	1122.783562	64.176.213.39	209.85.160.45	TCP	66	25 → 45424 [ACK] Seq=249 Ack=3152 Win=43008 Len=0 TSval=51133087 TSecr=806842535
1512501	1122.783584	209.85.160.45	64.176.213.39	TCP	66	45424 → 25 [FIN, ACK] Seq=3152 Ack=249 Win=269824 Len=0 TSval=806842535 TSecr=51133055
1512503	1122.783969	64.176.213.39	209.85.160.45	SMTP	81	S: 221 2.0.0 Bye
1512504	1122.783994	64.176.213.39	209.85.160.45	TCP	66	25 → 45424 [FIN, ACK] Seq=264 Ack=3153 Win=43008 Len=0 TSval=51133088 TSecr=806842535
1512555	1122.814604	209.85.160.45	64.176.213.39	TCP	54	45424 → 25 [RST] Seq=3153 Win=0 Len=0

SES closes the connection in packet 12253 (FIN) for reasons known only to it.

As to why, this is something about which you’ll need to inquire to AWS.

1 Like

Much appreciated! I’ve asked carrd.co support to check logs, but they’re apparently based in a neighboring solar system. It may be a while before I have more info.

Well, I didn’t get any supporting information from carrd.co except they claimed to use “opportunitistic TLS” that should fall back to an unencrypted connection.

The one mail server health test that I wasn’t passing was the SMTP banner didn’t match the domain provided by the reverse DNS PTR record. Elsewhere on meta I turned up the idea of adding to mail-receiver.yml under env:

POSTCONF_smtpd_banner: forum.tasat.org ESMTP $mail_name

This resolved the flag re. SMTP banner mismatch, and the incoming mail failures changed from disconnecting at HELO to disconnecting at STARTTLS.

I finally enabled TLS, and email from the contact form comes through.

With the process now working, though, it’s illuminated some flaws in my whole idea of ingesting topics via a web form. But that’ll be another topic.

1 Like